Infopulse Standards Compliance Manager

These standards give a clear overview of the most important tasks of security management as a system. It provides assistance in implementing these recommendations in the form of the IT-Grundschutz methodology. The IT-Grundschutz methodology provides organizations of different sizes and types with clear-cut instructions as for building an information security management system as well as with specific safeguards related to its aspects.

ISO 27001 is an international standard on information security management. The ISO 27001 provides normative specifications regarding the implementation, operation, and enhancement of a documented Information Security Management System (ISMS). It contains more than a hundred safeguards (controls) that are to be selected in consideration of the relevant risks.

The ISO 27002 standard provides a detailed description of information security objectives and contains a comprehensive list of generally accepted good practice covering security controls in 12 basic areas such as, for instance, risk assessment, security policy, access control, physical and environmental security, etc. Every organization applies these security controls to the extent and consideration of its individual risks.

ISO 22301 specifies security requirements related to Business Continuity and Disaster Recovery (BC/DR). It specifies requirements as to planning, establishing, implementing, maintaining and continually improving a BC/DR management system to protect against disruptive incidents. The requirements specified in ISO 22301 are generic and intended to be applicable to all organizations of any type, size and nature.

Automotive SPICE, or ASPICE, is the industry-specific standard adopted in automobile production to guide software development of embedded automotive systems under the new market demands for safety, environment protection and economic efficiency. Based on ISO/IEC 33004, ISO/IEC 12207, and ISO/IEC 15504 modified with industry-specific details, it is elaborated in two dimensions: the process and the process capability level.

The General Data Protection Regulation (GDPR) is a legal framework that sets guidelines for the collection and processing of personal information of individuals within the European Union (EU). The GDPR sets out the principles for data management and the rights of the individual, while also imposing fines that can be revenue-based. The General Data Protection Regulation covers all companies that deal with data of EU citizens, so it is a critical regulation for corporate compliance officers at banks, insurers, and other financial companies.

Infopulse SCM incorporates a number of other standards related to Information Security risk management polices (ISO 27005), IT service management (ISO 20000), efficiency and quality management (ISO 9001), Code of Conduct (ISO 27018), safety-related electronic and electrical systems (ISO 26262), payment cards transactions safety (PCI DSS), etc.